Deploy360 20 January 2014

Great News! Over 50% Of All Top-Level Domains Now Signed With DNSSEC!

By Dan YorkSenior Advisor

The Internet hit a great DNSSEC deployment milestone today – over 50% of all TLDs are now signed! As Chris Thompson pointed out on the dnssec-deployment mailing list, if you go to a site such as ICANN’s TLD DNSSEC report that was run this morning, you’ll now see that 222 (53%) of 415 TLDs in the root zone of DNS are now signed with DNSSEC. Even better, 216 (52%) have a DS record in the root zone, which means that the DNSSEC “chain of trust” can be established for domains underneath all of those TLDs:

icann-tld-dnssec-20140120

Now, granted, as Chris noted in his message, this milestone has primarily happened because of the ongoing influx of all the DNSSEC-signed “new generic top-level domains (newgTLDs)“.  You can see this rather dramatically in a graph from Rick Lamb’s DNSSEC statistics site:

DNSSEC trend statistics

Regardless, it is great to see this milestone!

With over 50% of TLDs signed, have you signed your domain yet?  (Check out our tutorials on signing your domain with DNSSEC and also our DNSSEC Basics page.)

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related Posts

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...